
Re: Developing on Debian



Jason Mock wrote:
> Hello,
> 
> I have a few more questions that were pushed my direction from our Board
> of Directors.  Before the questions though I would like to thank you for
> the fast response to my inquiry!  It will make you proud to know that
> you were the first response to the questions that I had out of Red Hat,
> Suse, Xandros, Slackware, and Mandriva.  Here are the 2 additional
> questions that I need some assistance with:
> 
> 1.  Security features, current and planned?

We have a highly responsive security team who address issues as they arise:

  http://www.debian.org/security/

This combined with the fact that our packaging system allows for continuous
upgrades means that when an alert happens, you will have developed a level
of confidence in the system that will allow you to actually perform the
upgrade.  Other systems, where one is not able to develop that confidence,
tend to gently rot to the point where nobody is brave enough to upgrade
anything, regardless of how grave the security flaws that are being left
open by not doing so.

The reason our upgrade system works so well is in part due to the chaotic
nature of our organisation.  Because we have vast numbers of developers,
and users, running all sorts of odd combinations of versions of software,
upgrading them in different orders, and generally doing bizarre things,
pretty much every conflict or dependency problem you were ever going to run
into has been found by someone else months ago -- that means that you won't
get bitten by those bugs.  If we only tested packages against the other
software in a particular release, and only attempted to build it for one or
two architectures, many of those packaging issues would go undetected, and
so would still be available to bite you.

So we have effective security updates, on a system where you will be brave
enough to actually apply them in a timely manner.

> 2.  Why is distribution better than others available?

I think I covered a lot of the points in the previous mail.

Probably a few things that should be of particular interest are:

The fact that we positively encourage people to do spin-off distributions
for specialist purposes, to the extent that we have mailing lists, and
tools to make that easier -- as an ISV, selling turn-key solutions, you are
in effect doing a specialised version of the OS you distribute, so having
the tools and experience of others to build that with is likely to make the
final result much more robust than if you're just standing there passively
waiting for the distribution vendor to slop whatever they felt like serving
up this time round into your bowl.

We don't expect you to pay us any sort of fee.  Not up-front, and not per
server.  Of course, you may choose to spend the money you've saved on
support from one of the many offering commercial support on Debian, but
that will be up to you, and if you don't like the support you get, you'll
have the chance to go elsewhere without needing to change the distribution
you're using.

There is absolutely no possibility of us going bust, changing business
strategy, deciding to sue the known universe or any of the other annoying
things that software vendors are prone to do, because we're not doing this
for the money, and I doubt there is anything anybody could do to stop most
of the people involved in Debian from doing what they're doing.

> Again thanks for your input, and help in our search for a Linux
> platform.  You guys are great!

Have fun, whatever you decide.

Cheers, Phil.
